Return-Path: Delivered-To: apmail-maven-continuum-dev-archive@www.apache.org Received: (qmail 35586 invoked from network); 27 Dec 2006 00:17:04 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 27 Dec 2006 00:17:04 -0000 Received: (qmail 73604 invoked by uid 500); 26 Dec 2006 20:17:12 -0000 Delivered-To: apmail-maven-continuum-dev-archive@maven.apache.org Received: (qmail 73589 invoked by uid 500); 26 Dec 2006 20:17:11 -0000 Mailing-List: contact continuum-dev-help@maven.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: continuum-dev@maven.apache.org Delivered-To: mailing list continuum-dev@maven.apache.org Received: (qmail 73576 invoked by uid 99); 26 Dec 2006 20:17:11 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 Dec 2006 12:17:11 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of carlossg@gmail.com designates 64.233.182.187 as permitted sender) Received: from [64.233.182.187] (HELO nf-out-0910.google.com) (64.233.182.187) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 Dec 2006 12:17:02 -0800 Received: by nf-out-0910.google.com with SMTP id l24so4548044nfc for ; Tue, 26 Dec 2006 12:16:40 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=PWTCzBEfLMOvq89FXpiTcJUg0LVmO8v5EqojAgVDIojdXDviVbVNs8VoA0aKZ3DXUGjbrtAUynW0wOCFeEWW7RYVATgILi86qRkQ0hSIXOpyBpI7Uq1NoBJwRVag9+xDjYBNJmSoOblBg+EVqtpJqNlsowQp5kqRW7svgo7a8O4= Received: by 10.82.184.2 with SMTP id h2mr629299buf.1167164200724; Tue, 26 Dec 2006 12:16:40 -0800 (PST) Received: by 10.82.176.11 with HTTP; Tue, 26 Dec 2006 12:16:40 -0800 (PST) Message-ID: <1a5b6c410612261216x3f5d4b20g9e4cd7d82ea98ec5@mail.gmail.com> Date: Tue, 26 Dec 2006 21:16:40 +0100 From: "Carlos Sanchez" Sender: carlossg@gmail.com To: continuum-dev@maven.apache.org Subject: Re: Are passwords required? In-Reply-To: <84B11AD5-6C3A-4038-B881-30478F48D3AB@maven.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <84B11AD5-6C3A-4038-B881-30478F48D3AB@maven.org> X-Google-Sender-Auth: 7b3ba54138287d00 X-Virus-Checked: Checked by ClamAV on apache.org That's why they can give permissions to the guest user. I haven't seen any app that allows empty passwords for users. On 12/26/06, Jason van Zyl wrote: > > On 26 Dec 06, at 10:58 AM 26 Dec 06, Jesse McConnell wrote: > > > imo, yes :) > > > > only the administrator has the ability to make those decisions and > > they ought to be allowed to do it... > > > > Definitely, as it might be used in a small group, in an already > secure environment. Assume the driver has a brain. > > Jason. > > > we restrict it already that users are not by default allowed to make > > empty passwords but with a but of configuration they should be allowed > > to not have passwords, if that is the admin's desire. > > > > also, admins can make passwords that don't follow the password > > conventions, but by default they are setup to be forced to make a > > password that does conform on first login > > > > jesse > > > > On 12/26/06, Wendy Smoak wrote: > >> In 1.1-SNAPSHOT, on 'Create New User', I can create an account > >> with no > >> password, even though the two password fields have asterisks > >> displayed > >> next to them. > >> > >> If I then edit the user and uncheck the 'Change Password Next Login' > >> box, the user can log in without a password. > >> > >> Should this be possible? > >> > >> -- > >> Wendy > >> > > > > > > -- > > jesse mcconnell > > jesse.mcconnell@gmail.com > > > > -- I could give you my word as a Spaniard. No good. I've known too many Spaniards. -- The Princess Bride